HC3, H-ISAC Urge Healthcare Sector to Prepare for Russian Cyberattacks

March 25, 2022 - The Biden-Harris Administration recently called on all private sector organizations to immediately harden their cyber defenses in preparation for potential Russian cyberattacks.  

“My Administration will continue to use every tool to deter, disrupt, and if necessary, respond to cyberattacks against critical infrastructure,” Biden stated publicly.

“But the Federal Government can’t defend against this threat alone. Most of America’s critical infrastructure is owned and operated by the private sector and critical infrastructure owners and operators must accelerate efforts to lock their digital doors.”

While there have been no direct threats against healthcare, the sector is known to be a top target for cyberattacks. The Health Sector Cybersecurity Coordination Center’s (HC3) most recent threat brief outlined a detailed history of Russian attacks on US healthcare entities.

Conti ransomware group, which has ties to Russia, was connected to at least 300 cyberattacks against US-based organizations. Conti claimed responsibility for at least 16 US healthcare sector cyberattacks.

HC3 listed past attacks committed by NotPetya, FIN12, and Ryuk, all of which have ties to Russia. In addition, the government identified two new forms of disk-wiping malware, HermeticWiper and WhisperGate, which threat actors used to attack Ukrainian organizations shortly before Russia’s invasion.

Echoing the President’s sentiments, HC3 and Health-ISAC released a statement warning the healthcare sector to take the Administration’s advice and tighten security controls.

HC3 and H-ISAC urged healthcare organizations to:

• Have Business Continuity Plans in place and ensure those plans consider cascading impacts due to failures in other sectors (interruptions in telecommunications, electricity, fuel delivery, water, etc.).
• Understand your threat surface—what are all the areas your IT network may be vulnerable to unauthorized users or attackers who could exploit vulnerabilities to gain access to systems and confidential data.
• Be sure system default passwords are changed; use MFA everywhere possible.
• Share incident and threat information to collectively protect the healthcare community.

Healthcare organizations should assess their security architectures and make improvements wherever possible. It is crucial to follow best practices for identity and access management and implement a culture of cybersecurity via regular training.

In addition, HC3 recommended that organizations enable geo-fencing for all inbound and outbound traffic originating from Ukraine and surrounding areas. Along with having a reliable incident response plan, HC3 urged organizations to implement and practice downtime procedures and have a 4 to 6-week business continuity plan.